Lucene search
K
IbmMost viewed

35634 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/10/26 11:23 a.m.53 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to security restrictions bypass

Summary Node.js is used by IBM App Connect Enterprise Certified Container for running integration code. IBM App Connect Enterprise Certified Container operands are vulnerable to security restrictions bypass. This bulletin provides patch information to address the reported vulnerability in Node.js...

9.8CVSS6.4AI score0.01484EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/11 2:40 p.m.53 views

Security Bulletin: Vulnerabilities in Expat (AKA libexpat) affect IBM Storage Protect for Virtual Environments: Data Protection for VMware (CVE-2022-23852, CVE-2022-23990)

Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by vulnerabilities in the Expat library. The vulnerabilities can lead to execution of arbitrary code, as described by the CVEs in the "Vulnerability Details" section. The vulnerabilities have been...

9.8CVSS9.4AI score0.04525EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/04 1:3 p.m.53 views

Security Bulletin: IBM Storage Protect Backup-Archive Client and IBM Storage Protect for Virtual Environments are vulnerable to confidentiality impact, availability impact, integrity impact, and arbitrary code execution due to multiple CVEs in IBM Java

Summary IBM Storage Protect Backup-Archive Client and IBM Storage Protect for Virtual Environments are affected by multiple vulnerabilities in IBM Java: CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597. The vulnerabiltie...

9.1CVSS8.4AI score0.02474EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/30 4:29 a.m.53 views

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to information disclosure due to Apache MINA SSHD (CVE-2023-35887)

Summary Apache MINA SSHD is shipped with IBM Tivoli Netcool Impact as part of the Command Line Manager service. Information about a security vulnerability affecting Apache MINA SSHD has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-35887 DESCRIPTION: Apache MINA SSHD...

5CVSS5.7AI score0.0098EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/28 7:41 a.m.53 views

Security Bulletin: IBM Operational Decision Manager September 2023 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-2253...

6.5CVSS7.3AI score0.01316EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/19 9:6 a.m.53 views

Security Bulletin: Vulnerability in moment-timezone affects IBM VM Recovery Manager DR GUI

Summary There is vulnerability in moment-timezone opensource package which affects IBM VM Recovery Manager HA and DR GUI. Vulnerability Details CVEID:CVE-2022-43441 DESCRIPTION: Ghost node-sqlite3 could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the...

9.8CVSS8.4AI score0.05664EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/13 9:34 a.m.53 views

Security Bulletin: Vulnerability in IBM Java affects DB2 Recovery Expert for Linux, Unix and Windows

Summary IBM Java versions 8.0.7.0 - 8.0.7.11 are vulnerable to crypto attacks Vulnerability Details CVEID:CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of...

7.5CVSS7.4AI score0.00609EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/11 4:44 p.m.53 views

Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities (CVE-2023-21939, CVE-2023-21967, CVE-2022-29117, XFID: 234366)

Summary There are vulnerabilities in IBM® Semeru Java™ Version 11 used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.4 Fix Pack 1 IF19 has addressed the applicable CVEs by upgrading to IBM® Semeru JRE 11.0.19.0 CVE-2023-21939, CVE-2023-21967. The following 3rd party components used...

7.5CVSS7.6AI score0.04913EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/05 1:29 p.m.54 views

Security Bulletin: Vulnerability found in cxf-rt-transports-http-3.5.3.jar which is shipped with IBM® Intelligent Operations Center(CVE-2022-46363)

Summary Vulnerability have been identified in cxf-rt-transports-http-3.5.3.jar which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...

7.5CVSS8.4AI score0.01193EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/05 12:38 p.m.53 views

Security Bulletin: Vulnerabilities found in jackson-mapper-asl-1.9.13.jar which is shipped with IBM® Intelligent Operations Center(CVE-2019-10202, CVE-2019-10172)

Summary Multiple vulnerabilities have been identified in jackson-mapper-asl-1.9.13.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerabilit...

9.8CVSS8.9AI score0.17044EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/04 11:22 a.m.53 views

Security Bulletin: CVE-2022-40609 may affect Java Technology Edition used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint

Summary CVE-2022-40609 vulnerability in Java Technology Edition could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw by sending specially-crafted data. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Editi...

9.8CVSS8.9AI score0.01827EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/02 12:41 a.m.53 views

Security Bulletin: IBM Security Verify Information Queue has multiple information exposure vulnerabilities (CVE-2023-33833, CVE-2023-33834, CVE-2023-33835)

Summary IBM Security Verify Information Queue ISIQ v10.0.6 has remediated several vulnerabilities in which internal product details were being disclosed that could be exploited for harmful attacks. Vulnerability Details CVEID:CVE-2023-33835 DESCRIPTION: IBM Security Verify Information Queue could...

7.5CVSS4.8AI score0.00578EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/28 7:54 p.m.53 views

Security Bulletin: IBM TRIRIGA Application Platform discloses denial of service (CVE-2022-31129)

Summary Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is...

7.5CVSS7.5AI score0.04923EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/25 8:41 p.m.53 views

Security Bulletin: IBM Security Directory Suite has multiple vulnerabilities [CVE-2022-33163 and CVE-2022-33168]

Summary The following vulnerabilties in IBM Security Directory Suite have been addressed. Please apply the fixes shown below. CVE-2022-33163 and CVE-2022-33168 Vulnerability Details CVEID:CVE-2022-33163 DESCRIPTION: IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critic...

8.1CVSS6.4AI score0.00765EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/19 8:13 p.m.53 views

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities (CVE-2023-28530, XFID: 212233, CVE-2022-24999, CVE-2023-28530, CVE-2023-25929)

Summary Security vulnerabilities have been addressed in IBM Cognos Analytics 11.2.4 FP2. These vulnerabilities have also been previously addressed in IBM Cognos Analytics 11.1.7 FP7. Denial of Service DOS vulnerabilities have been addressed in Netplex json-smart-v2 CVE-2023-1370 , node.js d3-colo...

7.5CVSS8.2AI score0.14663EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/14 10:12 p.m.53 views

Security Bulletin: IBM InfoSphere Information Server is affected by a denial of service vulnerability in netplex json-smart-v2 (CVE-2023-1370)

Summary A denial of service vulnerability in netplex json-smart-v2 used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By...

7.5CVSS7.7AI score0.01119EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/30 5:54 a.m.53 views

Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Governance - Identity Manager Virtual Appliance

Summary Multiple security vulnerabilities for open source components used in IBM Security Verify Governance, Identity Manager - Virtual Appliance component have been addressed. Vulnerability Details CVEID:CVE-2020-7729 DESCRIPTION: Node.js grunt module could allow a remote authenticated attacker ...

9.8CVSS9.9AI score0.30367EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/16 7:23 p.m.53 views

Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Spectrum Copy Data Management (CVE-2022-1280, CVE-2023-0386, CVE-2022-4269, CVE-2022-2873, CVE-2022-4378)

Summary IBM Spectrum Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include gaining elevated privileges, obtaining sensitive information, causing the system to crash, and denial of service attack, as described by the CVEs in the "Vulnerability Details"...

7.8CVSS7.9AI score0.0788EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/05 7:28 p.m.53 views

Security Bulletin: Pallets Flask is vulnerable to CVE-2023-30861 used in IBM Maximo Application Suite

Summary IBM Maximo Application Suite uses Pallets Flask which is vulnerable to CVE-2023-30861 Vulnerability Details CVEID:CVE-2023-30861 DESCRIPTION: Pallets Flask could allow a remote attacker to obtain sensitive information, caused by missing Vary: Cookie header. By sending a specially crafted...

7.5CVSS7.4AI score0.01261EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/31 10:20 p.m.53 views

Security Bulletin: IBM Edge Application Manager 4.5.1 addresses multiple security vulnerabilities

Summary IBM Edge Application Manager 4.5.1 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and text...

7.8CVSS6.9AI score0.01048EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/24 1:34 p.m.53 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2022-3172)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that can cause clients to be redirected by an aggregated API server SSRF CVE-2022-3172 Vulnerability Details CVEID: CVE-2022-3172 Description: Kubernetes kube-apiserver is vulnerable to...

8.2CVSS6.7AI score0.02464EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/17 1:42 p.m.53 views

Security Bulletin: Multiple Vulnerabilities (CVE-2023-24998, CVE-2023-1436) affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

Summary Multiple Vulnerabilities CVE-2023-24998, CVE-2023-1436 affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. This fix resolves these vulnerabilities. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are...

7.5CVSS7.1AI score0.46836EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/08 6:25 p.m.53 views

Security Bulletin: IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2023-24966)

Summary IBM WebSphere Application Server is vulnerable to cross site scripting in the Admin Console. This has been addressed in the remediation section below. Vulnerability Details CVEID:CVE-2023-24966 DESCRIPTION: IBM WebSphere Application Server is vulnerable to cross-site scripting. This...

6.1CVSS5.9AI score0.00399EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/05 12:40 p.m.53 views

Security Bulletin: CVE-2023-24998 may affect IBM CICS TX Advanced

Summary CVE-2023-24998 may affect IBM WebSphere Application Server Liberty supplied with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service,...

7.5CVSS7.6AI score0.46836EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.53 views

Security Bulletin: Vulnerability in OpenSSL affects IBM BladeCenter Networking Switch products (CVE-2016-2183)

Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM BladeCenter Networking Switch products. The IBM BladeCenter Networking Switch products below have addressed the applicable CVE. Vulnerability Details Summary OpenSSL...

7.5CVSS6.7AI score0.95707EPSS
Exploits7Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.53 views

Security Bulletin: IBM System Networking Products not affected by the Bash vulnerabilities (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278)

Summary IBM System Networking Products are not vulnerable to the Bash vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and the two memory corruption vulnerabilities. Vulnerability Details Abstract IBM System Networking Products are not vulnerable to the Bash vulnerabilitie...

10CVSS8.4AI score0.99999EPSS
Exploits158
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.53 views

Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru Firmware, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter

Summary The switch firmware deliverables listed below have addressed the applicable NTP CVEs. Vulnerability Details Summary The switch firmware deliverables listed below have addressed the applicable NTP CVEs. Vulnerability Details: CVE-ID: CVE-2014-9750 Description: NTP NTPd could allow a remote...

7.7CVSS7.5AI score0.11887EPSS
Exploits5Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/31 5:55 p.m.53 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in MIT krb5 (CVE-2022-42898).

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in MIT krb5 caused by an integer overflow in PAC parsing in the krb5parsepac function CVE-2022-42898. MIT krb5 is included as part of the Base OS used by our service images. Please read th...

8.8CVSS8.6AI score0.06419EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/31 4:13 p.m.53 views

Security Bulletin: Multiple vulnerabilities in VMware ESXi affect IBM Cloud Pak System

Summary Vulnerabilities identified in VMware ESXi bundled with Cloud Pak System. Cloud Pak Systen has addressed vulnerabilities. Vulnerability Details CVEID:CVE-2022-28693 DESCRIPTION: Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by unprotect...

6.5CVSS6.9AI score0.04947EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/31 11:49 a.m.53 views

Security Bulletin: Vulnerability in gson-2.8.0.jar affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0)(CVE-2022-25647).

Summary The gson-2.8.0.jar package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVECVE-2022-25647 Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserializatio...

7.7CVSS7.4AI score0.1158EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.53 views

Security Bulletin: OpenSLP vulnerability affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in OpenSLP affects IBM SAN Volume Controller, IBM Storwize V7000, V5000, V5100, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The applicable vulnerability is CVE-2019-5544...

9.8CVSS10AI score0.96823EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.53 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in Apache Tomcat affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2022-42252 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by the failure to reject a request containing an invalid...

7.5CVSS7.5AI score0.01448EPSS
Exploits0Affected Software10
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.53 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in the IBM® Runtime Environment Java™ Technology Edition affect IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The...

7.8CVSS7.4AI score0.03981EPSS
Exploits0Affected Software9
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/27 5:0 p.m.53 views

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2021-41182, CVE-2022-31160, CVE-2021-41184, CVE-2021-41183

Summary There are vulnerabilities CVE-2021-41182, CVE-2022-31160, CVE-2021-41184, CVE-2021-41183 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2021-41182 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site scripting, caused by improper validation of...

6.5CVSS7AI score0.44515EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/26 1:4 a.m.53 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects TS2900 (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects TS2900. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPO...

4.3CVSS3.7AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/23 8:9 a.m.53 views

Security Bulletin: WebSphere Application Server traditional is vulnerable to a remote code execution vulnerability

Summary WebSphere Application Server, used by IBM Tivoli Network Manager ITNM IP Edition, is vulnerable to a remote code execution vulnerability. Vulnerability Details CVEID:CVE-2023-23477 DESCRIPTION: IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execu...

9.8CVSS9.3AI score0.01949EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/10 6:29 p.m.53 views

Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for Febuary 2023

Summary In addition to many updates of operating system level packages, the following security vulnerability is addressed with IBM Cloud Pak for Business Automation 21.0.3-IF018 and 22.0.2-IF002. Vulnerability Details CVEID:CVE-2022-38749 DESCRIPTION: SnakeYAML is vulnerable to a denial of servic...

7.5CVSS8.4AI score0.92488EPSS
Exploits13Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/10 4:2 p.m.54 views

Security Bulletin: server-side request forgery vulnerability in Apache CXF (CVE-2022-46364) may affect CICS TX Standard

Summary CICS TX Standard has addressed a vulnerability in Apache CXF CVE-2022-46364. Vulnerability Details CVEID:CVE-2022-46364 DESCRIPTION: Apache CXF is vulnerable to server-side request forgery, caused by a flaw in parsing the href attribute of XOP:Include in MTOM requests. By using a...

9.8CVSS9.1AI score0.0193EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/01 4:31 p.m.53 views

Security Bulletin: IBM MQ is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. (CVE-2022-43902)

Summary An issue was identified within the IBM MQ Server component that would allow an authenticated attacker with sufficient MQ permissions to send MQSC or PCF commands to execute a denial of service attack by sending specially crafted payload. Vulnerability Details CVEID:CVE-2022-43902...

7.5CVSS7.2AI score0.00785EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.53 views

Security Bulletin: Multiple Vulnerabilities in the Linux kernel affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in the Linux kernel to which the IBM FlashSystem™ 840 and FlashSystem 900 are susceptible CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479. An exploit of these vulnerabilities could allow a remote attacker to cause a denial of service condition. Vulnerability...

7.8CVSS7.1AI score0.98745EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 7:40 p.m.53 views

Security Bulletin: Multiple CVEs affect IBM Integration Designer

Summary Multiple vulnerabilities found in 3rd party software used by IBM Integration Designer. IBM Integration Designer has addressed the multiple CVEs. Vulnerability Details CVEID:CVE-2020-36181 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on th...

10CVSS10AI score0.99615EPSS
Exploits60Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 5:40 a.m.53 views

Security Bulletin: A vulnerability in the IBM Java Runtime affects IBM Rational ClearQuest (CVE-2022-21626)

Summary There are multiple vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed in the IBM Java SDK updates in October 2022. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details...

5.3CVSS6.1AI score0.01746EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/31 2:47 p.m.53 views

Security Bulletin: Multiple vulnerabilities in Mozilla Firefox affect IBM Cloud Pak for Multicloud Management Monitoring.

Summary Multiple vulnerabilities in Mozilla Firefox affect IBM Cloud Pak for Multicloud Management Monitoring. Vulnerability Details CVEID:CVE-2022-22739 DESCRIPTION: Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by missing throttling on external protocol...

10CVSS10AI score0.26709EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/05 6:49 a.m.53 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to FasterXML jackson-databind denial of service (CVE-2022-42003)

Summary Potential vulnerabilities in FasterXML jackson-databind which is caused by a lack of a check in the primitive value deserializers when the UNWRAPSINGLEVALUEARRAYS feature is enabled CVE-2022-42003 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer t...

7.5CVSS7.6AI score0.02824EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/05 5:54 a.m.53 views

Security Bulletin: Rational Test Automation Server is vulnerable to Allocation of resources without limits vulnerability due to Keycloak (CVE-2021-3637)

Summary Vulnerability related to allocation of resources without limits associated with the Keycloak versions before 14.0.0 impacts Rational Test Automation Server. Vulnerability Details CVEID:CVE-2021-3637 DESCRIPTION: Keycloak is vulnerable to a denial of service, caused by a flaw in the...

7.5CVSS7.3AI score0.01129EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/10 12:6 p.m.53 views

Security Bulletin: The Java version bundled with IBM Cognos Express is susceptible to unspecified vulnerabilities in the Java Runtime Environment (JRE) (CVE-2012-0498 and CVE-2012-5081)

Summary The version of Java included with IBM Cognos Express has a reported vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D CVE-2012-0498 and allows remote attackers to affect availability CVE-2012-5081...

10CVSS7.7AI score0.45113EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/04 6:21 p.m.53 views

Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to HTTP request smuggling due to CVE-2022-32215

Summary Node.js is used by all IBM App Connect Enterprise Certified Container operands. IBM App Connect Enterprise Certified Container operands may be vulnerable to HTTP request smuggling. This bulletin provides patch information to address the reported vulnerability CVE-2022-32215 in Node.js...

6.5CVSS7.1AI score0.68796EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/03 5:22 p.m.53 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to CVE-2017-0663 and loss of confidentiality due to CVE-2017-7375

Summary Libxml2 is not used directly by IBM App Connect Enterprise Certified Container but is present in the operand images as part of the base operating system. Use of libxml2 within IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution and loss of...

9.8CVSS8.7AI score0.0264EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/27 6:15 p.m.53 views

Security Bulletin: Multiple Vulnerabilities in base image packages affect IBM Voice Gateway

Summary Security Vulnerabilities in base image packages affect IBM Voice Gateway. Vulnerability Details CVEID:CVE-2022-34903 DESCRIPTION: GnuPG could allow a remote attacker to conduct spoofing attacks, caused by a flaw when processing secret-key information from keyring. By sending a...

7.6CVSS8AI score0.07017EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/25 2:42 a.m.53 views

Security Bulletin: IBM Robotic Process Automation is allows weak passwords priort to 21.0.3 (CVE-2022-35280)

Summary Prior to version 21.0.3 IBM Robotic Process Automation allowed weak passwords that may make it easier for attackers to compromise accounts. As of release 21.0.3 IBM Robotic Process Automation enforces strong passwords. Vulnerability Details CVEID:CVE-2022-35280 DESCRIPTION: IBM Robotic...

9.8CVSS6.7AI score0.00669EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000